From 4995ec03f513d580c4faa41fabc122f0c851f4c2 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Wed, 10 Aug 2022 23:25:58 -0500
Subject: [PATCH] Improve OS support

- Make the VPN setup scripts work on Kali Linux (based on Debian).
- Update IKEv2 helper script to check for OpenSSL 3 first when
  exporting the .p12 file.
---
 extras/ikev2setup.sh        | 24 ++++++++++++------------
 extras/quickstart.sh        |  2 +-
 extras/vpnuninstall.sh      |  2 +-
 extras/vpnupgrade.sh        |  2 +-
 extras/vpnupgrade_ubuntu.sh |  2 +-
 vpnsetup.sh                 |  2 +-
 vpnsetup_ubuntu.sh          |  2 +-
 7 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index c90772d..e7955a3 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -76,7 +76,7 @@ check_os() {
       [Uu]buntu)
         os_type=ubuntu
         ;;
-      [Dd]ebian)
+      [Dd]ebian|[Kk]ali)
         os_type=debian
         ;;
       [Rr]aspbian)
@@ -763,17 +763,7 @@ export_p12_file() {
   p12_file="$export_dir$client_name.p12"
   p12_file_enc="$export_dir$client_name.enc.p12"
   pk12util -W "$p12_password" -d "$CERT_DB" -n "$client_name" -o "$p12_file_enc" >/dev/null || exit 1
-  if [ "$os_type" = "alpine" ] || { [ "$os_type" = "ubuntu" ] && [ "$os_ver" = "11" ]; }; then
-    pem_file="$export_dir$client_name.temp.pem"
-    openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
-    openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
-      -name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
-    if [ "$use_config_password" = "0" ]; then
-      openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
-        -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
-    fi
-    /bin/rm -f "$pem_file"
-  elif [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
+  if [ "$os_ver" = "bookwormsid" ] || openssl version 2>/dev/null | grep -q "^OpenSSL 3"; then
     ca_crt="$export_dir$client_name.ca.crt"
     client_crt="$export_dir$client_name.client.crt"
     client_key="$export_dir$client_name.client.key"
@@ -791,6 +781,16 @@ export_p12_file() {
         -legacy -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
     fi
     /bin/rm -f "$pem_file"
+  elif [ "$os_type" = "alpine" ] || [ "$os_ver" = "kalirolling" ] || [ "$os_type$os_ver" = "ubuntu11" ]; then
+    pem_file="$export_dir$client_name.temp.pem"
+    openssl pkcs12 -in "$p12_file_enc" -out "$pem_file" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
+    openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file_enc" \
+      -name "$client_name" -passin "pass:$p12_password" -passout "pass:$p12_password" || exit 1
+    if [ "$use_config_password" = "0" ]; then
+      openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in "$pem_file" -out "$p12_file" \
+        -name "$client_name" -passin "pass:$p12_password" -passout pass: || exit 1
+    fi
+    /bin/rm -f "$pem_file"
   elif [ "$use_config_password" = "0" ]; then
     pk12util -W "" -d "$CERT_DB" -n "$client_name" -o "$p12_file" >/dev/null || exit 1
   fi
diff --git a/extras/quickstart.sh b/extras/quickstart.sh
index 93c91c4..885142c 100755
--- a/extras/quickstart.sh
+++ b/extras/quickstart.sh
@@ -102,7 +102,7 @@ check_os() {
       [Uu]buntu)
         os_type=ubuntu
         ;;
-      [Dd]ebian)
+      [Dd]ebian|[Kk]ali)
         os_type=debian
         ;;
       [Rr]aspbian)
diff --git a/extras/vpnuninstall.sh b/extras/vpnuninstall.sh
index 356accd..cddfb66 100755
--- a/extras/vpnuninstall.sh
+++ b/extras/vpnuninstall.sh
@@ -55,7 +55,7 @@ check_os() {
       [Uu]buntu)
         os_type=ubuntu
         ;;
-      [Dd]ebian)
+      [Dd]ebian|[Kk]ali)
         os_type=debian
         ;;
       [Rr]aspbian)
diff --git a/extras/vpnupgrade.sh b/extras/vpnupgrade.sh
index 3fff58b..331c153 100755
--- a/extras/vpnupgrade.sh
+++ b/extras/vpnupgrade.sh
@@ -70,7 +70,7 @@ check_os() {
       [Uu]buntu)
         os_type=ubuntu
         ;;
-      [Dd]ebian)
+      [Dd]ebian|[Kk]ali)
         os_type=debian
         ;;
       [Rr]aspbian)
diff --git a/extras/vpnupgrade_ubuntu.sh b/extras/vpnupgrade_ubuntu.sh
index c1fa1e2..a31d947 100755
--- a/extras/vpnupgrade_ubuntu.sh
+++ b/extras/vpnupgrade_ubuntu.sh
@@ -46,7 +46,7 @@ check_os() {
     [Uu]buntu)
       os_type=ubuntu
       ;;
-    [Dd]ebian)
+    [Dd]ebian|[Kk]ali)
       os_type=debian
       ;;
     [Rr]aspbian)
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 93c91c4..885142c 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -102,7 +102,7 @@ check_os() {
       [Uu]buntu)
         os_type=ubuntu
         ;;
-      [Dd]ebian)
+      [Dd]ebian|[Kk]ali)
         os_type=debian
         ;;
       [Rr]aspbian)
diff --git a/vpnsetup_ubuntu.sh b/vpnsetup_ubuntu.sh
index 235d858..3b9f798 100755
--- a/vpnsetup_ubuntu.sh
+++ b/vpnsetup_ubuntu.sh
@@ -79,7 +79,7 @@ check_os() {
     [Uu]buntu)
       os_type=ubuntu
       ;;
-    [Dd]ebian)
+    [Dd]ebian|[Kk]ali)
       os_type=debian
       ;;
     [Rr]aspbian)